Yonatan Gizachew Achamyeleh (University of California, Irvine), Harsh Thomare (University of California, Irvine), Mohammad Abdullah Al Faruque (University of California, Irvine)
Large language models (LLMs) have recently been applied to binary decompilation, yet they still treat code as plain text and ignore the graphs that govern program control flow. This limitation often yields syntactically fragile and logically inconsistent output, especially for optimized binaries. This paper presents HELIOS, a framework that reframes LLM based decompilation as a structured reasoning task. HELIOS summarizes a binary’s control flow and function calls into a hierarchical text representation that spells out basic blocks, their successors, and high level patterns such as loops and conditionals. This representation is supplied to a general purpose LLM together with raw decompiler output, optionally combined with a compiler in the loop that returns error messages when the generated code fails to build.
On HumanEval-Decompile for x86_64, HELIOS raises average object file compilability from 45.0% to 85.2% for Gemini 2.0 and from 71.4% to 89.6% for GPT-4.1 Mini. With compiler feedback, compilability exceeds 94% and functional correctness improves by up to 5.6 percentage points over text only prompting. Across six architectures drawn from x86, ARM, and MIPS, HELIOS reduces the spread in functional correctness while keeping syntactic correctness consistently high, all without fine tuning. These properties make HELIOS a practical building block for reverse engineering workflows in security settings where analysts need recompilable, semantically faithful code across diverse hardware targets.